Release 1.3.0
·
299 commits
to master
since this release
From the CHANGELOG:
[1.3.0] 2020-03-02
Added
- Add support for Python 3.7 & 3.8
- Add support for Django>=2.1,<3.1
- Add requirement for oauthlib>=3.0.1
- Add support for Proof Key for Code Exchange (PKCE, RFC 7636).
- Add support for custom token generators (e.g. to create JWT tokens).
- Add new
OAUTH2_PROVIDERsettings:ACCESS_TOKEN_GENERATORto override the default access token generator.REFRESH_TOKEN_GENERATORto override the default refresh token generator.EXTRA_SERVER_KWARGSoptions dictionary for oauthlib's Server class.PKCE_REQUIREDto require PKCE.
- Add
createapplicationmanagement command to create an application. - Add
idin toolkit admin console applications list. - Add nonstandard Google support for [urn:ietf:wg:oauth:2.0:oob]
redirect_uri
for Google OAuth2 "manual copy/paste".
N.B. this feature appears to be deprecated and replaced with methods described in
RFC 8252: OAuth2 for Native Apps and may be deprecated and/or removed
from a future release of Django-oauth-toolkit.
Changed
- Change this change log to use Keep a Changelog format.
- Backwards-incompatible squashed migrations:
If you are currently on a release < 1.2.0, you will need to first install 1.2.0 thenmanage.py migratebefore
upgrading to >= 1.3.0. - Improved the tutorial.
Removed
- Remove support for Python 3.4
- Remove support for Django<=2.0
- Remove requirement for oauthlib<3.0
Fixed
- Fix a race condition in creation of AccessToken with external oauth2 server.
- Fix several concurrency issues. (#638)
- Fix to pass
requesttodjango.contrib.auth.authenticate()(#636) - Fix missing
oauth2_errorproperty exception oauthlib_core.verify_request method raises exceptions in authenticate.
(#633) - Fix "django.db.utils.NotSupportedError: FOR UPDATE cannot be applied to the nullable side of an outer join" for postgresql.
(#714) - Fix to return a new refresh token during grace period rather than the recently-revoked one.
(#702) - Fix a bug in refresh token revocation.
(#625)